Hi all, I need some help from the community with this. I am very close to a solution, but may have hit a snag.
The accepted approach for encrypting an AIR app is to deliver an encrypted swf with a wrapper that decrypts and loads the child. The issue becomes how/where to store the decryption key for the wrapper to use when loading the child. Nitro-LM / Simplified Logic embeds the key in wrapper and uses proprietary methods to make extracting that key difficult. Here is the alternative I am playing with: Company X create a simple program compiled with the same product id and AIR certificate as the program they are distributing to generate at home base the files for an empty Encrypted Local Store that has had the encryption key added to it. Then, the Encrypted Local Store files created by AIR are added to the AIR file - these files are encrypted with AIR's encryption mechanism. When the AIR file is installed, these files are then copied by the wrapper into the Encrypted Local Store directory and then read from using the AIR API for the Encrypted Local Store - and voila - the wrapper has the decryption key and the key is never transmitted in clear text. I tried this and it seemed to work, but then it seems as if it doesn't work from one computer to the next - AIR seems to encrypt the ELS files with a formula that includes the program ID, the AIR certificate, AND the user's computer id, which prevents the company from distributing the original ELS files. Can only Adobe verify whether this solution will work? Can anyone lend insight / advice on this? Thanks.
